Privacy notice
How we collect, store, use and protect personal information.
How we collect, store, use and protect personal information.
* Updated 01 February 2024
This privacy notice applies to personal information processed by Capitec Bank Holdings (“Capitec”), including its subsidiaries, as a responsible party or any third party (such as contractors or authorised agents) acting on behalf of Capitec in terms of a contract. It explains what type of information we collect about you, how we will use that information, who we may share it with, the circumstances under which we may share it, and what steps we will take to ensure it stays private and secure.
This Privacy Notice applies to you if you are:
Personal information means information, in any format, relating to an identified or identifiable, living natural person or existing juristic person. You are identifiable if you can be identified, directly or indirectly, by reference to an identifier (for example, your ID number, account number, etc.) or accumulated information that together has a reasonable likelihood of resulting in the identification of you as the data subject by a person in possession of such information. For current purposes, personal information refers only to the personal information collected by us and does not include personal information that you may have willingly shared on other platforms (e.g., on social media sites in the public domain).
Personal information excludes:
We collect your personal information in the following instances:
We will only collect your information in line with relevant regulations and laws. The information we collect may include information that you provide to us, for example:
Depending on the products and services that you require, we may also collect sensitive personal information about you, for example:
Depending on the products and services that you use, we may also collect or generate the following information about you:
We will only process your personal information where we have a lawful reason for doing so (in this instance no consent is required), or where you have consented for us to do so, either by providing you with insights and the next best actions, marketing, and to perform analysis to improve existing products or creating new products to your benefit.
This means that the personal information collected about you, may be processed through
centralised functions and systems across entities (including joint ventures and companies) in the Capitec Group and may be used for the purposes of fraud and risk monitoring and analysis to improve, develop, price, and market products or services, in the manner, and with the appropriate controls as set out below.
We need to process your personal information to carry out the obligations of our agreement with you. This includes all the processing and pre-assessment activities that are required to enable us to sign you up for one or more of our Capitec Group products or services (for example, verifying your identity, pricing all contracts, assessing and verifying claims, assessing whether you qualify for a product or service, enrolling you for electronic signatures, obtaining your credit bureau information etc.), and managing the client relationship for the duration of the contract and as required after termination of the client relationship. We pride ourselves in providing simplified banking and financial services that offer you a single view of all your Capitec products where possible. To be able to do this we collect and process your personal and special personal information through centralised
functions and systems across entities (including joint ventures and companies) in the Capitec Group, to provide you with the products and services. Your data may be used for risk monitoring and analysis to improve, develop, price, and market appropriate and safe products or services that benefit you. We only do this with the appropriate controls set out in this Privacy Notice.
For some of our services, we require your location to confirm that you are within the borders of South Africa according to licensing, legal agreements or some Appstore third-party requirements, for example, this is required for us to enable the playing of Lotto on our digital banking channels and to accept payments via our Merchant Device. Location Services is also used for fraud and risk monitoring purposes. You may be required to allow the Capitec App to access your location services on your smart device while using the app. We will never collect your location in the background.
We may need to process your personal information to comply with specific legal obligations. We operate in a highly regulated environment of banking, insurance, financial services, credit and other goods and services, which means that there are several laws, regulations and directives that require us to perform certain processing activities.
This may include using your personal information to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We will only do this on the basis that it’s needed to comply with a legal obligation or it’s in our legitimate interests and that of others.
We will mostly collect information directly from you but there may be instances where we may need to obtain your information from the Department of Home Affairs, the Credit Bureaus and other public sources, to:
We will use the most reliable source of information to update your personal information where required.
We process your personal information to protect your legitimate interest and where it is necessary for pursuing the legitimate interest of the responsible party or a third party to whom the information is supplied. We process your personal information based on this justification only where we believe that such processing is beneficial to you and is limited to such processing that is necessary to achieve the purpose. Where our own or a third party’s legitimate interest is used as the justification, we always consider the nature of the legitimate interest and whether there is a risk of harm or an unreasonable infringement of your right to privacy.
We may record details of your interactions with us, including emails, telephone conversations, live chat, and any other kinds of communications as part of our operations in line with legislation. We may use these recordings to check your instructions to us, assess, analyse, and improve our service, train our people, manage risks or prevent and detect fraud and other crimes. We may also capture additional information about these interactions, such as information about the devices or software that you use.
We may use your personal information to evaluate, improve and/or personalise existing and new products and services to your benefit. Our analysis includes data analytics, statistical or other analysis including profiling to better understand how you use our services, and to respond to any service issues you may have. You can opt out of this personal information usage at any time for direct marketing and personalised offers by changing the consent settings and communication preferences on your app or through the client care centre. Alternatively, send us a request on Processing Restriction Request | Privacy Centre | Capitec. This will only opt you out of services based on consent and legitimate interest and not where the processing of your personal information is necessary when required by law or when required to carry out the obligations of an agreement we have with you.
Where you have consented to us doing so:
These services aim to keep you informed about and offer you new products, services and benefits that help you to live better, but also to educate you about good financial behaviours based on your previous actions or needs.
We keep your information in line with our data retention policy. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes. This includes managing your account and dealing with any disputes or concerns that may arise, for example, to help us respond to queries or complaints, combatting fraud and financial crime and responding to requests from regulators. If we don’t need to retain information for this period, we may destroy, delete or de-identify it. Any information retained on our systems will be kept secure in line with our Information Security Policies and Standards.
Please note: We may keep your personal information even if we no longer have a banking relationship with you or if you request Capitec to delete or destroy it if the law permits or requires us to do so.
We will take the appropriate, reasonable, technical and organisational steps to protect your personal information in line with industry best practices.
Your information may be transferred to and stored in locations outside of South Africa. When we do this, we will ensure it has an appropriate level of protection and that the transfer is lawful. We will ensure that the receiving region has the same level of protection as we need to abide by in South Africa. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/or for our legitimate interests.
We will not sell your personal information. No personal information will be disclosed to anyone except as provided in this privacy notice.
You have several rights in relation to the information that we hold about you. These rights include:
You can submit a grievance about the processing of your personal information in relation to this Privacy Notice through our Privacy Centre POPIA / Other Complaint | Privacy Centre | Capitec
You also have the right to file a complaint with the Information Regulator about an alleged contravention of the protection of your personal information. The contact details of the Information Regulator are as follows:
Visit their website | Home - Information Regulator (inforegulator.org.za) |
Postal address | P.O Box 3153, Braamfontein, Johannesburg, 2017 |
Physical address | The Information Regulator (South Africa) JD House 27 Stiemens Street Braamfontein Johannesburg 2001 |
Phone number | 010 023 5200 |
PAIAComplaints@inforegulator.org.za – should your PAIA request be denied or there is no response from public or private bodies for access to records you may use this email address to complain. POPIAComplaints@inforegulator.org.za – should you feel that your personal information has been violated, you may use this e-mail address to lodge a complaint. |
If we change ownership, or a merger with, acquisition by, or sale of assets to another entity we may assign our rights to the personal information we process to a successor, purchaser, or separate entity. We will disclose the transfer on our website. If you are concerned about your personal information being transferred to a new owner, you may exercise your rights in our Privacy Centre by clicking on the following link: Exercise Your POPIA Rights | Privacy Centre (capitecbank.co.za)
We review our practices regularly to ensure that your personal information is appropriately safeguarded and used in a responsible way to provide you with the most value. This may require that we change our data privacy policies or this notice from time to time. We will notify you of any changes by displaying a notice in a prominent place on our website or the Capitec App, or by another communications method, for example, by updating the date of this privacy notice. The notice will indicate the changes that we have made and when they came into effect.
Please note that Capitec may not be able to continue a banking or insurance relationship with a client or provide clients with certain products or services if they object to or do not agree with the changes.
The latest version of the notice made available on Capitec’s website will apply to client interactions with Capitec and will be accessible on Privacy Notice | Privacy Centre | Capitec